VMware vSphere

  • 1.  Changing remote management ports

    Posted Apr 08, 2015 03:44 PM

    Hi,

    We would like to set up remote management of our ESXi hosts (version 5.5.0.2068190) so that we can connect to them via the vSphere client securely and from externally but we need to change the management ports that the ESXi hosts listen on (HTTP TCP 80 and HTTPS TCP 443) because they are generally in use by the onsite Windows Servers.

    The "Changing the port used by the vSphere Client to connect directly to the ESX/ESXi host (1021199)" VMware knowledgebase post at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1021199 documents this stating that you have to:

    1. Change the values between the <httpPort> and <httpsPort> tags in the "/etc/vmware/hostd/proxy.xml" file.

    2. Run a "service mgmt-vmware restart" command.

    However, after learning that these steps are out of date, I aggregated new steps 1 and 2 for ESXi 5.1+ from the "Proxy.xml which we use to modify to enable HTTP for vSphere SDK is not found in ESX 5.1 server" VMware Communities forum post at https://communities.vmware.com/message/2161007 and the "Restarting the Management agents on an ESXi or ESX host (1003490)" VMware knowledgebase post at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003490, respectively:

    1. Change the values between the <config><proxy><httpPort> and <httpsPort> tags in the "/etc/vmware/rhttpproxy/config.xml" file via WinSCP or something similar (FileZilla didn't work due to a permissions error, for some reason).

    2. Run "/etc/init.d/hostd restart" and "/etc/init.d/vpxa restart" sequential commands via SSH (ESXi Shell and SSH services must be enabled first via vSphere Client > Configuration > Software > Security Profile > Services > Properties > ESXi Shell / SSH > Options... > Start).

    I have done and re-done as advised and even restarted the entire ESXi host but the ports have not changed and I can still remote into the host with the default ports.

    If this can't be done then we can probably just translate the ports but, if possible, we'd like the ports to be the same internally and externally for ease-of-use.

    Please advise.

    Thanks.
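
One way to check whether an edit to "/etc/vmware/rhttpproxy/config.xml" actually took effect, as an added example that is not part of the original post or of VMware's tooling: it reads the <httpPort> and <httpsPort> values from a copy of the file and compares them with the ports the host answers on. The sample XML, the host name and the function names are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample in the shape the post describes; not a real ESXi file.
SAMPLE_CONFIG = """<config>
  <proxy>
    <httpPort>8080</httpPort>
    <httpsPort>8443</httpsPort>
  </proxy>
</config>"""

DEFAULT_PORTS = {"httpPort": 80, "httpsPort": 443}  # defaults named in the post


def configured_ports(xml_text):
    """Read <config><proxy><httpPort>/<httpsPort> and return them as ints."""
    proxy = ET.fromstring(xml_text).find("./proxy")
    ports = {}
    for tag in DEFAULT_PORTS:
        text = (proxy.findtext(tag) or "").strip() if proxy is not None else ""
        if not text.isdigit() or not 1 <= int(text) <= 65535:
            raise ValueError(f"<{tag}> is missing or not a valid TCP port")
        ports[tag] = int(text)
    return ports


def is_listening(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, xml_text, probe=is_listening):
    """List mismatches between the configured ports and what the host answers on."""
    findings = []
    for tag, port in configured_ports(xml_text).items():
        default = DEFAULT_PORTS[tag]
        if not probe(host, port):
            findings.append(f"{tag}: configured port {port} is not answering")
        if port != default and probe(host, default):
            findings.append(f"{tag}: default port {default} is still answering")
    return findings


if __name__ == "__main__":  # esxi01.example.internal is a placeholder host
    print(audit("esxi01.example.internal", SAMPLE_CONFIG) or "ports match the config")
```

An empty result means the host answers on the configured ports and no longer on 80/443; the symptom described in the post above would show up as all four findings.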



  • 2.  RE: Changing remote management ports

    Posted Apr 08, 2015 08:42 PM

    Just a thought like this,

    instead of giving you all the trouble to change the ports etc... why don't you just use RDP from the outside to access the VC / other server that has access to VC/ESXi hosts and run VI Client from there?

    Regards

    Jonathan



  • 3.  RE: Changing remote management ports

    Posted Apr 08, 2015 08:53 PM

    This is what we're currently doing but the major advantage of this new setup is that we would be able to gain access to the VMs' consoles if there's ever an issue preventing RDP access which does happen every now and again.

    Thanks.

    Ben.



  • 4.  RE: Changing remote management ports

    Posted Apr 09, 2015 05:54 AM

    What about putting up a VPN server with Routing & Remote Access in Windows (either PPTP or SSTP) just for maintenance access?  This would avoid exposing all the hosts and you would be able to use either RDP or the client from external.



  • 5.  RE: Changing remote management ports

    Posted Apr 09, 2015 08:06 AM

    I don't think it's worth the headache of setting up and maintaining a VPN for every single ESXi host that we want to connect to and sometimes may not be possible due to limitations of equipment as opposed to remoting in on demand and the hosts wouldn't necessarily be exposed as the firewall would restrict access to our public IP addresses.

    Does anyone know how to enforce the change of remote management ports? I think that would be the best way if possible.

    Ben.